[TriLUG] spoofing mac addresses
Tanner Lovelace
lovelace at wayfarer.org
Wed Aug 11 22:29:15 EDT 2004
Aaron S. Joyner said the following on 8/3/04 2:17 PM:
> The kicker here isn't getting it to respond to multiple MACs, or even
> redirect MACs as Ryan suggested, but to *associate* a particular MAC
> address with a particular address. You'd need some way, at the kernel
> level, to tell the OS that if a packet has a certain source address to
> send it with a certain Ethernet header. When you're composing
> individual packets and stuffing them in at the driver layer (how various
> arp poisoning attacks like Ryan describe do their dirty work), it's not
> so difficult to do. But you want to make a more large-scale
> modification to the way the OS is determining what MAC address to use
> when sending out packets. I did some cursory googling around to find a
> way to accomplish this task, but to no avail. I think this would be
> neat functionality to see in iptables or the iproute2 tools (or some
> derivative) in the future, but presently I just don't think Linux is
> capable of doing what you have in mind, in a wholesale manner.
Isn't this what proxy arp is for? Or does no one use that anymore?
Tanner (back in town and catching up on TriLUG messages...)
More information about the TriLUG
mailing list